New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Copy git ssh-id-wrapper to /tmp only if necessary (Fixes #10582, #19532) #43769
Conversation
It would be nice to have this also backported to the stable branches if the fix is good. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small nitpick, though functionally this looks good.
salt/modules/git.py
Outdated
# Cleanup the temporary ssh wrapper file | ||
if tmp_ssh_wrapper and os.path.exists(tmp_ssh_wrapper): | ||
log.debug('Removing ssh wrapper file {0}'.format(tmp_ssh_wrapper)) | ||
__salt__['file.remove'](tmp_ssh_wrapper) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EAFP here. We can skip stat-ing the file by doing it like this:
try:
__salt__['file.remove'](tmp_ssh_wrapper)
log.debug('Removed ssh wrapper file %s', tmp_ssh_wrapper)
except AttributeError:
# No wrapper was used
pass
except (SaltInvocationError, CommandExecutionError) as exc:
log.warning('Failed to remove ssh wrapper file %s: %s', tmp_ssh_wraper, exc)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't say I like calling a function with an obviously wrong parameter. I would have kept at least a check if tmp_ssh_wrapper
which does not require any syscall and would avoid a function call with consequent exception catch but I am happy to oblige.
Note that I wrote it this way because that's exactly how tmp_identity_file
is removed a couple of lines below. Should I change that too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't say I like calling a function with an obviously wrong parameter.
That's what exception handling is for.
https://en.wikipedia.org/wiki/Python_syntax_and_semantics#Exceptions
PR updated |
@mtorromeo There is one lint error here. Can you fix it? https://jenkins.saltstack.com/job/PR/job/salt-pr-lint-n/15309/violations/file/salt/modules/git.py/ Then we can get this in. |
…#19532) This adds a check that only copies the ssh wrapper to a temporary location if git is to be run by a specific user and at the same time the predefined wrapper file is not executable by "others" by verifying every path part for the others executable bit. By doing this the temp file is kept only as a last resort which should work with salt-ssh as per bug #19532, while avoiding a needless copy on /tmp which could be potentially mounted with noexec as per bug #10582.
Oops, I copy-pasted the suggested change without checking the syntax first, sorry. |
Backport #43769 to 2017.7
@mtorromeo @rallytime @terminalmage This change is introduced with
|
I had a check on I still prefer to use an |
This adds a check that only copies the ssh wrapper to a temporary location if git is to be run by a specific user and at the same time the predefined wrapper file is not executable by "others" by verifying every path part for the others executable bit.
By doing this the temp file is kept only as a last resort which should work with salt-ssh as per bug #19532, while avoiding a needless copy on /tmp which could be potentially mounted with noexec as per bug #10582.